Wanna Download? Get Your Signed URLs Here

November 9, 2014

By Shiran Rubin

SHARE:

The new features that a Bintray Premium account exposes are exactly what you need for commercial software distribution. Private repositories, fine-grained permission management, storage-as-you-go and much more. Private repositories are a great way to control who can access your artifacts, but what happens if you want to give someone limited access to a specific artifact. Sort of a “one-off” download. Signed URLs is the answer.

What’s a Signed URL?

Generally, artifacts you store in a private repository are hidden from unauthorized Bintray users. A Signed URL is a unique URL you can generate to expose your artifact for download by anyone you provide it to, whether they have a Bintray account or not. To keep you in control, you can specify a time limit after which the URL expires, or revoke any outstanding URLs at any time.

How do you Sign a URL?

Every premium account in Bintray comes with a unique pair of internal private and public keys which are used to encrypt and decrypt the URLs that you sign. The standard download link for a file called artifactory.rar, stored in a private repository called artifactory, and owned by a user called srubinis:https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rarSince the file is private, only authorized users can access it for download.

To generate a signed URL for limited download of this file, you can use a simple REST API call:

Summary

That’s all it takes. A simple API call lets you generate signed, limited-time URLs so you can provide limited download availability of any file you store in your private repositories to anyone. Stay tuned to see what we have in store for you. Things will just keep getting cooler.